CVE-2025-10423
Severity: low
CVSS v3: 3.7
CVSS v2: 2.6
VIR risk: 3.7
Description
A vulnerability was found in newbee-mall 1.0. The affected component is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in a guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used.
Predictions
Exploit likelihood: 47%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cna@vuldb.com — https://github.com/newbee-ltd/newbee-mall/issues/101#issue-3380163659
Vendor advisory: cna@vuldb.com — https://github.com/newbee-ltd/newbee-mall/issues/101
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| newbee-mall_project | newbee-mall | 1.0 | |
References
CWEs
CWE-287 CWE-804